-----BEGIN PGP SIGNED MESSAGE-----
michael nt milne wrote:
> Just a quick query about Zope security etc. I've got an installation on a
> Windows server using Apache, which also hosts internal email/data etc. This
> is behind a router/firewall. Just wondering if there are any Zope security
> issues that I should be aware of? How secure is Zope?
> PS This is a re-send as it bounced the first time round.
I would rate Zope overall as a reasonably secure platform. Because the
builk of it, including all the socket handling code, is written in
Python, it does not suffer from buffer overflow problems. If you look
at the list of security alerts ("hotfixes", see
you will note that the *vast* majority of them have been relevant only
for sites which allow less-than-fully-trusted users to write
through-the-web code, a use case which most sites do not have.
Zope's own security model is used to protect data within the ZODB from
improper access by site visitors. It is possible to configure the model
for *very* fine-grained access control; OTOH, such safely using such
power requires mastering a good deal of complexity. Other frameworks
build atop Zope (CMF, Plone, Silva, CPS) present reduced views of that
flexibility, tailored to well-understood patterns.
For machines which handle both Zope and other sensitive data:
- Zope is a long-running process: the user-as-whom-Zope-runs (UAWZR),
should ideally be a dedicated account, with read access to the Zope
instance directory ("INSTANCE_HOME"), Zope software directorie, and
neccesary system libraries, and write access only to the directories
where it writes its data and logfiles (the '$INSTANCE_HOME/var').
- Zope's own security model trusts the filesystem code implicitly,
which means that you *don't* want to give arbitrary access to the
software directory or the instance home. You should probably block
even read access to the 'var' subdirectory, as the database files
there might expose sensitive data to prying eyes.
Note that none of this advice is Windows-specific. One bit shich is:
- When running a ZEO storage server, you need to protect the socket
on which it listens from unauthorized access. On a Unix box, you
can make it a Unix-domain socket, which can be protected with
appropriate filesystem permissions. If using a TCP socket (required
on Windows), you need to configure it to listen only on "trusted"
interfaces, e.g., localhost, or an IP address which is in a
carefully firewalled submet.
Tres Seaver +1 202-558-7113 [EMAIL PROTECTED]
Palladion Software "Excellence by Design" http://palladion.com
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org
-----END PGP SIGNATURE-----
Zope maillist - Zope@zope.org
** No cross posts or HTML encoding! **
(Related lists -